The CA SSO SiteMinder (smauthetsso) authentication scheme lets the SiteMinder Policy Server validate CA SSO authentication credentials so that a user already authenticated in an CA SSO/WAC environment does not need to re-authenticate to SiteMinder. This custom authentication scheme accepts a CA SSO Cookie as a login credential; has it validated by an CA SSO Policy Server; extracts the user name from it; and verifies that the name is present in the SiteMinder user store. You can set this authentication scheme in a cookie, cookieorbasic, or cookieorforms mode.
Note: The following procedure assumes you are creating a new object. You can also copy the properties of an existing object to create an object. More information exists in Duplicate Policy Server Objects.
To configure the authentication scheme
The Create Authentication Scheme pane opens.
Authentication scheme settings open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Scheme-specific fields and controls open.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Mode [; <Target>] ; AdminID ; CAPS_Host ; FIPS_Mode ; Identity_File
Note: Separate tokens with semicolons. You may enter a space before and after each token for improved legibility.
Example: cookie ; SMPS_sso ; myserver.myco.com ; 0 ; /certificates/def_root.pem
Example: cookieorforms ; /siteminderagent/forms/login.fcc ; SMPS_sso ; myserver.myco.com ; 1 ; /certificates/def_root.pem
Specifies the type of credentials the authentication scheme accepts. Accepted values include cookie, cookieorbasic, or cookieorforms. cookie specifies that only CA SSO cookies are acceptable; cookieorbasic specifies that a basic authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided; cookieorforms specifies that specifies that a forms authentication scheme is used to determine the login name and password if a CA SSO cookie is not provided.
Specifies the pathname of the .fcc file used by the HTML Forms authentication scheme.
Note: This value is only required for the cookieorforms mode.
Specifies the user name of the CA SSO Policy Server administrator for the CA SSO Policy Server. SiteMinder uses the administrator's user name and password to request validation of CA SSO cookies when authenticating to the CA SSO Policy Server.
Specifies the name of the host where the CA SSO Policy Server resides.
Specifies the FIPS mode of operation in which the Policy Server is operating. Zero (0) specifies non-FIPS mode. One (1) specifies FIPS mode.
Specifies the path to the CA SSO identity file. The Policy Server uses this file to communicate with the CA SSO Policy Server.
The authentication scheme is saved and may be assigned to a realm.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |